The article renders out the necessary steps that need to be performed in case that a Sophos Disk Encryption or SafeGuard Easy/ Enterprise standalone user has forgotten their password and Local Self Help was not configured.

What To Do

Reset the password for the Active Directory User Account

For SafeGuard Easy/ Enterprise (standalone clients): In the Management Center/ Policy Editor, perform a "Recovery" | "Sophos SafeGuard Client (standalone)" for the user to help them through POA. For Sophos Disk Encryption: In the Sophos Enterprise Console, select the User's machine and perform a "Encryption Recovery..." | "Forgotten password (logon recovery)" for the user to help them through the POA.

On the client machine, logon to Windows using the new Active Directory password

A SafeGuard message appears, requesting the user to enter their old password. As the user is no longer aware of the old password, press "Cancel"

Another SafeGuard dialog appears, asking the user whether to replace the users certificate or not. Select "Yes" to automatically have a new certificate with the new user password being created.

The user can now log in via the Power on Authentication using their new password.

Please note: This process has not to be performed if Local Self Help was activated and configured by the user. Local Self Help questions will become invalid and have to be re-answered once the user password has been reset using the procedure above.